
Re: Symptoms vs. Causes

Subject: Re: Symptoms vs. Causes
From: Hannes Tschofenig
Date: Wed, 12 Sep 2007 10:00:46 +0200
The entire issue depends to some extent also on the communication model you have in mind.

If you consider an approach that is closer to SAML or OpenID, then the end host interacts with the identity provider directly. If you, however, focus on something that is close to the AAA model, then the end host interacts with the service provider (who then relays the information it gets to the identity provider, i.e., the AAA server).

In the latter case the mentioned dictionary attack is more important since you obviously don't want to give your username/password away to an arbitrary entity. Still, there are obviously a number of solutions available to provide protection.


Christian Huitema wrote:
There are a large number of protocol designs--even existing
protocols--which are compatible with the general paradigm of "user U
proves possession of password P to server A without giving A a
credential which can be used to impersonate U to server B".
HTTP Digest, TLS-PSK, SRP, and PwdHash all come to mind. The
difficult parts are:

(1) Putting a sensible UI on it--including one that isn't easily
    spoofed (see the extensive literature on how hard it is
    to build a secure UI).
(2) Getting everyone to agree on one protocol.

Please add:

(3) The chosen solution is immune to dictionary attacks.

-- Christian Huitema

Ietf mailing list
[email protected]
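Added example (not part of either message above): HTTP Digest, one of the protocols Huitema lists, shown as an instance of "U proves P to A without handing A something usable at B", together with the property (3) asks for and Digest lacks. Realm names, the credential, the wordlist and the qop-less RFC 2617 computation are assumptions made for the demo.

```python
"""HTTP Digest: server A learns only HA1 for its own realm and a response
bound to its own nonce, so it cannot impersonate U to server B; but one
captured exchange is enough for an offline dictionary check (point 3)."""
import hashlib
import secrets


def _md5(text: str) -> str:
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def ha1(user: str, realm: str, password: str) -> str:
    # The verifier stores HA1 for its realm; it never needs P in the clear.
    return _md5(f"{user}:{realm}:{password}")


def digest_response(user, password, realm, method, uri, nonce) -> str:
    # RFC 2617 Digest without qop: response = MD5(HA1 ":" nonce ":" HA2).
    ha2 = _md5(f"{method}:{uri}")
    return _md5(f"{ha1(user, realm, password)}:{nonce}:{ha2}")


def server_verify(stored_ha1, method, uri, nonce, response) -> bool:
    # Recompute from the stored HA1 and the nonce this server issued.
    ha2 = _md5(f"{method}:{uri}")
    expected = _md5(f"{stored_ha1}:{nonce}:{ha2}")
    return secrets.compare_digest(expected, response)


def offline_guess(captured: dict, candidates):
    # Point (3): anyone holding one captured exchange can test password
    # guesses offline, so Digest alone is not immune to dictionary attack.
    for pw in candidates:
        r = digest_response(captured["user"], pw, captured["realm"],
                            captured["method"], captured["uri"], captured["nonce"])
        if r == captured["response"]:
            return pw
    return None


def demo() -> dict:
    user, password = "alice", "correct horse"   # constructed sample credential
    realm_a, realm_b = "a.example", "b.example"  # two independent servers
    nonce_a, nonce_b = secrets.token_hex(16), secrets.token_hex(16)
    resp_a = digest_response(user, password, realm_a, "GET", "/", nonce_a)
    ok_at_a = server_verify(ha1(user, realm_a, password), "GET", "/", nonce_a, resp_a)
    # A forwards what it received to B under B's challenge: rejected, because
    # the response is bound to A's realm (via HA1) and to A's nonce.
    replay_at_b = server_verify(ha1(user, realm_b, password), "GET", "/", nonce_b, resp_a)
    captured = dict(user=user, realm=realm_a, method="GET", uri="/",
                    nonce=nonce_a, response=resp_a)
    guessed = offline_guess(captured, ["password", "letmein", "correct horse"])
    return {"ok_at_a": ok_at_a, "replay_at_b": replay_at_b, "guessed": guessed}
```

The same offline check applies to TLS-PSK with a low-entropy PSK; SRP is the listed option designed so that a captured exchange does not permit it.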
